In an unexpected turn of events, an iOS 8 activation lock bypass has emerged. You can now bypass iOS 8 activation lock using a custom DNS server and some glitches. This is not a forever solution but can allow access into the device to achieve the previous owners email for contacting purposes. This will also allow you to make use of the activation locked device and bypass the iOS 8 activation lock and watch movies, youtube or play games. There are many functions to explore with thus bypass method.

This method has been tested with the iPhone 5S, 5 and 4S by me personally all on the latest iOS 8.1.3 firmware. This does also work on the latest iPhone, iPad and iPod Touch 5G models.

Step 1.The custom DNS server you need to enter is: 78.109.17.60

Step 2. Go to the last activation screen and select ‘Activation Help’, this will boot you over to the custom website. Here you can play games, watch youtube and so much more. If you wish to permanently bypass iOS 8 activation lock, read on below.

Step 6. Click back and then next. As shown in the video above, proceed to slide to unlock and click the language options for a solid 2-3 minutes to finally be booted to the homescreen.

Step 7. Once on the homescreen you can open 3 applications, Phone, Newsstand and Facetime. Note you need to force restart by holding Power + Home every time you open an app to restart your device and the bypass iOS 8 activation lock process.

Step 8. Open the Facetime application and here you can find the email of the previous owner to which you can email and ask that your device be taken off their iCloud account. If you can’t find the email here, restart this process and open the Phone application to see the owners phone number.

Kevin Mitnick was once the most wanted cybercriminal in the world. He had an obsession with computers that escalated into a two and half year hacking spree where he stole millions of dollars of corporate secrets from IBM, Motorola, telecom companies and even the National Defense warning system. He was caught twice in jail twice for his crimes, but now he is a computer security consultant .

2. Vladimir Levin

Vladimir Leonidovitch Levin is a Russian Hacker of genius proportions. In 1994 while working with a dialup connection and a laptop from Saint Petersburg, Apartment he accessed the accounts of several large corporate customers of Citibank stealing USD 10.7 million. He ended up spending three years in jail. However, in 2005 an anonymous hacker group came claiming that they were the ones truly responsible for the theft and that they only sold Vladimir the data needed to steal the money.

3. Mathew Bevan and Richard Pryce

In 1996, Mathew Bevan and Richard Pierce were 21 and 17 respectively, when they broke into military computers. They didn’t only hack into US military computers, but the officials thought they might have also hacked into North Korean Systems as well. These people have the unique distinction of saying that they almost started a war.

4. Michael Calce a.k.a MafiaBoy

Michael Calce, a Canadian Hacker was responsible for a series of high profile cyber attacks in 2000. Project Rivolta a project name he called it meaning riot in Italian was a distributed denial of service attack that took down major websites Yahoo, FIFA, Amazon, eBay, CNN, and Dell among others. He was caught after bragging about the attacks in an IRC chat room for which he got eight months in jail. Why such a short sentence? Michael was only in high school at the time.

5. Adrian Lamo

Adrian Lamo is best-known for hacking into major cooperation’s like Yahoo, Bank of America, Citigroup, The New York Times and Microsoft but the way he did it made him famous. He used public internet connections like libraries and coffee shops to hack to hack into major sites. Because of that style he was named as ‘Homeless Hacker’. In 2004 after being caught he was given six months house arrest in order to pay $65,000 in restitution.

6. Jeanson James Ancheta

Jeanson James Ancheta has been first hacker ever to create a botnet a group hijacked computers that work together for a legal means. In 2004 he started to work with botnets rxbot, a computer worm that can spread his net of infected computers which gave him control to 500,000 computers including US military computers. He was forced to give up his BMW, pay more than $58,000 and serve 60 months in prison.

7. Gary Mckinnon

Gary Mckinnon a.ka Solo is a Scottish hacker who masterminded the largest military computer hack of all time. He hacked into 97 US armed forces and NASA computers between 2001 and 2002within a period of just 24 hours he deleted critical files including weapon logs. In total the damage that his hacking cost, cost the government an estimated $ 700,000.

8. Owen Walker

Owen Walker a.ka AKILL was only 17 when he let in an international hacking group that cause over 26 million dollars in damages. The school teenager was responsible for creating the Bot virus which spread into 1.3 million computers around the world crashing them. Even though he was caught despite all the damage he was released without being convicted.

9. Astra

The hacker named Astra, whose real name was never revealed was a 58 year old Geek Mathematician, who was operated between 2002 and 2008 during that five year period. He stole weapons technology data in 3D modeling software from a company called the Salt Group, which he sold up to USD 361 million to buyers all around the world. He was tracked down in an apartment in Athens, Greece.

10. Albert Gonzalez

Albert Gonzalez, over a two year period he stole a total of 175 million credit card numbers selling them online. A massive yet undisclosed amount of money was stolen from his victims through identity theft, leaving them to battle to restore the credit ratings and get their money back. He was sentenced to 40 years jail.

PS: There were a lot more hackers out there, these people are those who got caught .

Many says beauty with brains is a myth, but think again, we bring to you 5 astonishingly intelligent female hackers!

1. Adeanna Cooke

When a friend of former Playboy model Adeanna Cooke, used her images on internet to make money and to show her in bad light, instead of going to the cyber crime authorities, she hacked the website to retain her dignity. She not only cleared all of her photos but also helped many other girls to come out of similar kind of situations.

2. Anna Chapman

Russian national, Anna Vasil’yevna Chapmanis was staying in New York City when she was arrested with nine others under the charge of working for the Illegals Program spy ring under the Russian Federation’s external intelligence agency.

Chapman gained celebrity status right after her arrest by the FBI. Her pictures and videos went viral on the web. Chapman again earned a lot of media attention on 3 July 2013 when she asked Edward Snowden to marry her. For you to recall, Edward Snowden is an American computer specialist and former CIA employee and NSA contractor who disclosed classified details of several top secret United States, Israeli, and British government mass surveillance programs to the press.

3. Kristina Svechinskaya

The New York University student, Kristina Vladimirovna Svechinskaya, is one of the most common names in the world of hacking. She was accused to defraud several British and U.S. banks of sizeable sums and usage of false passports. As the reports says, Svechinskaya attacked thousands of bank accounts and managed to open at least five accounts in Bank of America and Wachovia via Zeus trojan horse. Out of this, she received $35,000 (£22,000) of money theft. As per the estimates, Svechinskaya with nine other people skimmed $3 million.

4. Joanna Rutkowska

Ethical hacker and a polished computer security researcher, Joanna Rutkowska, is particularly famous for her researches on low-level security and stealth malware. She gained a lot of popularity after the Black Hat Briefings conference in Las Vegas which was held in August 2006. Rutkowska here presented an attack against Vista kernel protection mechanism, and another technique dubbed as Blue Pill. Blue pill used hardware virtualization in order to turn a running OS into a virtual machine. Later she was mentioned amongst Five Hackers who put a Mark on 2006 by eWeek Magazine.

Rutkowska also gained some headlines when she sent an open advice to Microsoft’s Vice President of Security Technology Unit to further tighten security on Windows Vista system. An elite hacker and entrepreneur, Rutkowska, launched her own security services startup Invisible Things Lab in Warsaw, Poland.

5. Ying Cracker

Popular as one of the most beautiful hackers, Ying Cracker is an educator from Shanghai, China. The hacker is known for teaching people the basics of hacking which include things like changing IP address and wiping office passwords.

It an online forum called ‘Chinese Hottie Hackers’ that got Cracker the said popularity. The forum pulled a huge fan base for Cracker. She is an expert in hacker software writing and charges good fee for courses on simple hacking tools. She also helps other people to crack software and charges 500-5000 RMB in the process, which is why she got the last name ‘Cracker!’

That article revealed a new vulnerability that gave attackers, the ability to perform spoofing attack.

Many people wrote to me about the problems of that kind of article (for example).

So this time I’m goanna reveal a new 0DAY that will help security managers to protect their web sites against many vulnerability scans.

A lot of sites owners will tell you that the majority numbers of scans, performed against their sites, are performed by automatic tools like NESSUS, ACUNETIX, and APPSCAN.

Today 0DAY will be focused on one of the most popular web scan in the world, ACUNETIX.

The POC will be against ACUNETIX 8 (build 20120704 since it’s one of the most common cracked version which was published in the net and used by many newbie hackers).

This disclosure will not only reveal a new vulnerability, but demonstrates a whole new perception of dealing with external attacks.

Instead of protecting your web sites again and again, or buying a new advanced WAF (web application firewall), let’s give the attackers a reason to be afraid, reason to think twice before they press the “SCAN” button.

In this article, I will not give a full working exploit for all scan scenarios nor for all operating systems, but a proof of concept that hopefully will grow into a new effort of research for vulnerabilities in Penetration test tools.

So let’s get our hands dirty

ACUNETIX is a powerful tool for scanning and finding vulnerabilities at websites.

Many newbie attackers tend to use this tool due to the simplicity of its use.

ACUNETIX offers its users a simple wizard base scan that covers many aspects of the vulnerability scan.

One of the aspects is the ability to scan more domains or sub domains related to the scanned website.
For example, if we scan my blog “http://an7isec.blogspot.co.il”, we will get the result shown below:
After a little research about this option, I figured out that ACUNETIX starts its wizard by sending an HTTP request to the site and learning about it from its HTTP response.

Furthermore the wizard learns about the external related domains from the external sources that appear at the website, for example:

“<img src=http://externalSource.com/someimg.png >”

“<a href=http://externalSource.com/ ></a>”

Etc…

Further Analysis reveals that if one of the external domain name length is more than 268 Byte’s, ACUNETIX will be crashed , so if we want to cause a crash, all we need to do is to put some kind of external source at our site, which have the length of 268 Byte’s or more, say something like this:
<A href= “http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAA”>

Quick view of this application in Immunity Debugger reveals that EDX was corrupted by the fuzzing string which caused access violation:

Despite the fact that further writing runs over the Structured Exaction Handler (SEH) as you will probably notice ,my advice for you is not to go that way, believe me I tried it for several days with no success (because of the safe SHE mechanism).

However, we have another problem with this exploit, In one word, “ASCII”.

ACUNETIX gets its information about external domains as a URL.

This fact causing the string to be converted into Web Browser friendly string.

500f = 0x66303035 : readable memory location for fixing the flow of the application that was corrupted by the buffer overflow.

]Qy~ = 0x7e79515d (JMP ESP from SXS.DLL).

OK, right now we are at the semifinal stage, running the application against above payload, produced the next result:

Yea… we landed exactly at the beginning of the final payload.

The next step will be to use suitable windows shell that will be made only from URL string (limited ASCII).

Such shell can be generated with “ Metasploit ” and it is called “Alphanumeric Shell”.

The important thing to remember while using such payload, is that the payload’s start address must be presented at one of the registers. If the payload presents at ESP, the first OP CODE of the shell need to be “PUSH ESP”.

In my Proof of concept, I used simple “CALC.EXE” shell code generated by “Metasploit that led me to the final stage which is ;working exploit!!

Moreover, our exploit is successfully bypassing DEP protection, simply by choosing only the addresses that aren’t compiled with DEP.

And due to the fact that ACUNETIX itself is not complied with DEP, this exploit should work perfectly on windows XP.

After successfully reaching all our goals, Let’s look on the final working exploit:

Following all the above, we created a powerful exploit that Newbie hackers

will definitely fall for.

This exploit will give us the ability to do everything with all that nasty Newbie hackers that scan our sites day and night, killing our traffic, filling all the web site forms with junk and so on…

Furthermore it can be used in order to collect smart intelligence about hostile forces who want to attack our web application.

BUT!!

The more powerful idea that motivated me to reveal this concept and POC, is the fact that this exploit is Anonymity killer! , because even if the attacker uses the most smart and secure proxy in the world, such as “TOR” and others, his ass will be revealed and full control on his scanning machine will be gained.
The exploit can be download from here.

9 people in the United States and Ukraine were charged with making $30 million by hacking into business newswire services and learning corporate press releases before they were published. They monetized this information by trading on it ahead of the pack on Wall Street.

Law enforcement authorities claimed they prosecuted the largest scheme of such a kind. The US Securities and Exchange Commission (SEC) brought related civil charges against the nine plus 23 other people.

So, who was charged? Two people described as Ukrainian hackers, 6 stock traders (5 of them in the US) and even a US real estate developer. Charges included offenses such as securities fraud, computer fraud and conspiracy to commit money laundering. The police revealed that for about 3 years starting in 2010, the group gained access to news releases that weren’t yet issued by a number of business newsmakers: Marketwired of Toronto, PR Newswire of New York and Business Wire of San Francisco. The compromised news releases contained earnings figures and other important data, which was used to make trades, exploiting a time gap ranging from hours to three days.

5 defendants were arrested earlier this week, and arrest warrants were issued for 4 people in Ukraine. As for the hacking part, the computer “experts” were paid based on how much the traders earned. Apparently, the hacks were revealed when Business Wire hired a cybersecurity company to test its systems and make sure they are secure.

For example, the group made over $600,000 by trading the stock of Peoria, Illinois-based Caterpillar Inc. in 2011 exploiting a news release containing information on the company’s 3Q profits rising 27%. Another $1.4m was earned trading stock in San Jose, California-based Align Technology in 2013 ahead of a press release saying that annual revenue increased by more than 20%.